Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Transparent Data Encryption : OpenEdge Key Store : OpenEdge key store

OpenEdge key store

Your OpenEdge database key store is created when you enable your database for transparent data encryption through the PROUTIL ENABLEENCRYPTION command. The key store has the following main functions:
*To store the Database Master Key (DMK) externally from the database.
*To derive the individual database object virtual keys from the DMK.
*To protect the DMK and object virtual keys from being copied.
*To control access to the key store through built-in user accounts with strong passphrase protection.
*To deny access to a transparent data encryption-enabled database if the user cannot open the key store by supplying a passphrase for one of the built-in key store user accounts.
*To configure opening of the key store through automated processes.
A key store has two built-in user accounts, the admin account and the user account. Administrator privilege is required to create or change any key store value, including all aspects of encryption key generation and storage, passphrases, and autostart configuration. User privilege is required to access encryption key values. You must always provide a passphrase for the admin account when you create the key store; the user account passphrase is optional. The passphrases for the user and admin accounts must be different.
For an introduction to PROUTIL ENABLEENCRYPTION, see Enabling Encryption. For complete details on the command, see OpenEdge Data Management: Database Administration.
When your key store is created, it is bound to your database but remains a separate entity. PROBKUP does not backup your key store. If you create a copy of your database with PROCOPY, the key store is not copied. The key store is not part of your database structure definition. If you copy an encryption-enabled database, you will not be able open the copy until you copy and rebind the key store to the copied database with the PROUTIL EPOLICY command.